This project is mirrored from https://github.com/metabase/metabase.
Pull mirroring updated .
- Sep 02, 2024
-
-
Chris Truter authored
-
Phoomparin Mano authored
* ask for tenancy isolation columns * deny all permissions for all users group * create new collections * add jwt group mappings * add the permissions step * add multi-tenancy message in helper text format * add permission graph * wire together permissions * use schema permissions * use fields from table metadata from query_metadata * add tenancy field reference * remove log messages * deny access to unsandboxed tables * make permission graph more explicit * deny access to sample database for customer groups * add unit test for permission graph * split permission groups and sandboxes * jwt settings and hard-coded user attributes * handle errors when updating sso mappings * add express api and user switcher * only fallback to api keys when license is invalid * add util to sample tenancy column values * conditional BASE_SSO_API imports * improve embedding error message * setup jwt configuration after license step * setup permissions at the last step * add missing import * update steps that requires license * fix incorrect imports * add missing useContext * handle permission update error * remove tenancyIsolationEnabled field * add tenancy column sampling * differentiate tenancy column query error * rename tenancyColumnValues to tenantIds * assign sampled tenant ids to user attributes * add tenant ids * define collection permissions * reference sandboxing group by name * update snippet to be same as the README * extract ask for tenancy columns to a separate step * use the customer_id attribute * query the table query metadata at origin * append tables correctly * improve error handling in table scanning * add retry logic to metadata fetching * only query metadata for selected fields * fix race condition with retry * update loading state and retries * update comments on jwt license Co-authored-by:
Mahatthana (Kelvin) Nomsawadi <me@bboykelvin.dev> * filter the target table by id * highlight last selected tenant column * use breakout to get list of ids * temporary workaround to reload the whole page * update row value types * update row value types * ask if they want to setup a pro license * post-installation improvements for cli * block non-selected tables * remove the source-field from sandboxing * use the fk_target_field_id as instead of target.id * update unit test * add learn more message * install mock server dependencies * fix post-setup step formatting * fix text wrapping * skip tenancy columns and permissions if token is not provided * only show the server dir step when license is enabled * skip permission setup if there is no tenancy column * remove source-field as we only reference our own column * add runIf flag to skip steps * remove the gitignore mention as this is automatic * configure permission if there are some tenancy columns * make native permission types more strict * add notice about setting up local mb instance * support multiple tenancy columns * map the tenancy column name as the user attribute * add component import guide * fix deprecated punycode in node-fetch * warn on unsampled tables * show helper text on tenancy columns * allow sampling repeated tenant * add instruction to change directory into mock server * align the learn more message --------- Co-authored-by:
Mahatthana (Kelvin) Nomsawadi <me@bboykelvin.dev> Co-authored-by:
Oisin Coveney <oisin@metabase.com>
-
Chris Truter authored
-
Alexander Solovyov authored
-
Tim Macdonald authored
Includes https://github.com/metabase/macaw/pull/97, which will prevent some false positives
-
Alexander Solovyov authored
fixes #46039
-
- Aug 31, 2024
-
-
Oleksandr Yakushev authored
* perf: Use optimized stats functions for computing insights * perf: Rewrite fingerprinters/with-error-handling to not generate closures * fix: Don't reuse global-fingerprinter object
-
adam-james authored
* Snowflake Variant cols should also work in attachments A previous PR fixed the snowflake variant bug by using a try/catch aroung the global-type-settings function. I realized there was a second codepath using the same function and it gets used in xlsx attachment code, so I've made the change there as well to prevent the same error in attachments. * add a test to confirm the viz-settings-for-col function doesn't throw
-
- Aug 30, 2024
-
-
Uladzimir Havenchyk authored
* ci: put failing tests into e2e job summary * cleanup
-
Uladzimir Havenchyk authored
-
Noah Moss authored
-
John Swanson authored
... and the associated flaky test!
-
Ryan Laurie authored
* add useDocsUrl hook and update lint rule * remove all uses of MetabaseSettings.docsUrl * update tests * revert non-docsurl change
-
Noah Moss authored
-
Raphael Krut-Landau authored
-
Jeff Bruemmer authored
-
adam-james authored
* Snowflake Variant Type should not prevent downloads or attachments Fixes #46981 The :type/SnowflakeVariant key matches 2 methods in `metabase.query-processor.streaming.common/global-type-settings`. In this case, it seems that the variant type can be any type, so we shouldn't try to guess anything here, except if the user has provided a :semantic_type, which we can use. Otherwise, we'll keep going without formatting details about the variant column, which is likely fine already, as it should result in strings in the export/attachments. * add a test
-
Case Nelson authored
Fixes #30602 We were overriding localdate in bigquery driver to produce offsetdatetimes for no apparent reason. This causes a number of problems when dealing with date type columns.
-
Case Nelson authored
* Bigquery verify bignumeric fingerprint and bin Fixes #28573 Field values must be scanned. In 45.3, these fields were not being fingerprinted properly. (tag `v1.45.3`) In a 45 point release that appears to have been fixed. (branch `release-x.45.x`) Confirmed fixed in master, adding test * cljfmt
-
github-automation-metabase authored
-
Braden Shepherdson authored
The Portal diff view wants `[before after]` pairs of the original data, not the three-part output of `clojure.data/diff`. This fixes the `qp.debug/debug>` output from the preprocessing middleware to emit correct diffs. Also, since the diffs are not useful when the query is converted between legacy and pMBQL, this also attaches the *converted* input query to the output query's Clojure metadata, and this converted value is used as the basis for the diff.
-
Aleksandr Lesnenko authored
* fix trend lines scaling
-
Chris Truter authored
-
metamben authored
-
Chris Truter authored
-
Chris Truter authored
-
Oisin Coveney authored
-
Tim Macdonald authored
-
Chris Truter authored
-
Oleksandr Yakushev authored
-
Ngoc Khuat authored
* [notification] New method: `channel/can-connect?` (#44955) * [notification] Channel APIs (#45207) * [notification] namespaced channel type (#45527) * [Notification] Render alert for http channel (#45545) * [notification] Add channel description (#45840) * [notification] update API to enable http channels for alert (#45839) * [Notification] Remove channel details for users without write perms (#46034) * [Notification] Serdes channel (#46031) * [Notification] Update http details schema (#45960) * [Notification] Deactivate channels will delete PulseChannel (#46115) * [Notification] audit log for channel create and update (#46113) * [Notification] Disallow undefined key for http channel details (#46712) * [Notification] Handle channel name conflicts (#46818) * Webhooks Admin Section (#46194) * [notification] Fix test pulse endpoint does not work properly for http channels (#46474) (#47050) * [Notification] Fix unable to update multiple channels per type (#47111) * [Notification] Record Task History when pulse sends channel message (#46218) * Enabling Webhook Alerts (#47022) * [Notification] fix cyclic deps (#47379) * [notification] channel serdes spec (#47386) Co-authored-by:
Nick Fitzpatrick <nick@metabase.com>
-
- Aug 29, 2024
-
-
Aleksandr Lesnenko authored
-
bryan authored
* move migration in release to match master * add column if not exists
-
bryan authored
* entity id translation + tests * add api level test * simplify definition of eid-table->model + add test * update tests to take keywords * improve comment * generate the eid-table->model map * delete now-obsolete test * make it work in oss * put the resulting response into a key, so we can add more information later * formatting * use model names without the model/ prefix as keys * Creates list of `api/model->db-model` - update keys for util/entity_id request - update shape of util/entity_id response - add test for not-found eids * formatting * Respond to code review feedback * entity-ids work on /embed/{card,dashboard}* routes * make entity id translation work for all tokens * Merge branch 'static-embed-dashboard-and-question-endpoints' of github.com:metabase/metabase into static-embed-dashboard-and-question-endpoints * massage schema. add tons of tests * decode more eids * test alignment * don't require ns inside of itself :think: * make the test functions to create tokens better * bring back `dashboard-url` --------- Co-authored-by:
Oisin Coveney <oisin@metabase.com>
-
github-automation-metabase authored
Co-authored-by:
Metabase bot <metabase-bot@metabase.com>
-
Nick Fitzpatrick authored
* Query Validator FE * collection path, unit tests * wrapping feature with token flag * updating util function, adding row type * updating session_test.clj * type adjustment * fixing other table sorting * Empty state, clean up utils * unit test adjustment * e2e adjustment
-
Ryan Laurie authored
* another attempt at perms fix * try again * try manual graphql auth * try with global env * Try setting defaults in graphql * try some more things * use my own graphql instance * one more test * remove test code * remove rogue curly brace
-
Dennis Schridde authored
== Goal == Hide attached DWH database details from anyone incl. admins: * Do not show them in the UI * Do not permit to change them * Do not serialize them The aim is that customers cannot gain access to (parts of) credentials, and they cannot break a feature they are paying for by changing connection details. == Implementation == The Metabase backend already contains provisions in the implementation of `metabase.models.interface/to-json` for `:model/Database` to hide the `details` of the database in HTTP responses, if the user lacks write permission on the database. We utilize this by adding an `is_attached_dwh` column to the `database` table and rejecting `metabase.models.interface/can-write?` when this flag is enabled. In the "admin" UI, we show a replacement text instead of the edit form when the flag is set. (It might be correct to show this whenever `details` is absent. See below for possible follow-up work.) However, several sections of the frontend code expected the `details` field to always be present. In order to make `details` optional, as the backend seems to handle it, we fix the respective code to treat this case in the way that appears appropriate in the context. Database details are already generally excluded from H2 dump snapshots (see `metabase.cmd.copy/*copy-h2-database-details*`), thus nothing changes there. == How to test == === New behaviour === Setting the `is_attached_dwh` field hides the database details: 1. Configure a database as described in https://www.metabase.com/docs/latest/configuring-metabase/config-file#databases. - In addition to the fields you would normally set, also set `is_attached_dwh: true`. - This also works when adding this flag to a database that previously did not have this flag set. 2. Start your Metabase instance. 3. Verify the database shows up in the "admin" section (`/admin/databases`). 4. Verify that clicking the database to see its details only reveals "This database cannot be modified." 5. Verify that responses from the backend do not include a `details` field for this database. === Original behaviour === Behaviour without setting the `is_attached_dwh` field is unchanged: 1. Configure a database as described in https://www.metabase.com/docs/latest/configuring-metabase/config-file#databases. - Only set the fields you would normally set. Do not set `is_attached_dwh` (or set it to `false`). 2. Start your Metabase instance. 3. Verify the database shows up in the "admin" section (`/admin/databases`). 4. Verify that clicking the database to see its details only reveal the regular edit form, showing connection fields like `host`, `user`, etc. with the values you configured. == How this will be rolled out == 1. Upgrade existing Metabase Cloud instances with data warehouse to a Metabase version that supports `is_attached_dwh`. 2. Set `is_attached_dwh` in the database section of the config file for Metabase Cloud instances with a data warehouse. == Possible follow-up work == In https://github.com/metabase/metabase/issues/25715, absent `database.details` was identified as a bug. Since then, `details` was made `NOT NULL` in the application database, so this bug can no longer occur. However, today backend responses can be missing the `details` field, if the current user lacks write permission to the database setting (see above). Fully re-evaluating the fix to #25715 in this context is outside the scope of this PR. Closes: https://github.com/metabase/harbormaster/issues/5051
-
Cam Saul authored
* Add `clojure -M:kondo` and `clojure -M:kondo:kondo/all` and bump version * Fix Kondo errors * Fix Kondo+LSP issues with `defendpoint`, `defenterprise`, etc. * Use replace-deps instead of deps for speed * Ok apparently maybe we do need to copy configs when we run Kondo on CI * Oops `./bin/kondo.sh` should not try to use `clj-kondo` * Remove references to GA driver folders
-
Noah Moss authored
-